Mozilla Foundation Security Advisory 2009-06

Directives to not cache pages ignored

Announced

February 3, 2009

Reporter

Paul Nel

Impact

Low

Products

Firefox

Fixed in

Firefox 3.0.6

Description

Paul Nel reported that certain HTTP directives to
not cache web pages, Cache-Control: no-store and Cache-Control:
no-cache for HTTPS pages, were being ignored by Firefox 3. On a
shared system, applications relying upon these HTTP directives could
potentially expose private data. Another user on the system could use
this vulnerability to view improperly cached pages containing private
data by navigating the browser back.
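
A check for the two directives named above, added here as an example and not taken from the advisory or from Mozilla code: it parses Cache-Control values and lists the responses that never asked not to be cached, so an application relying on these directives can confirm it actually sends them. The URLs, header samples and function names are constructed for illustration, and counting no-store on any scheme but no-cache only on HTTPS is an assumed reading of the advisory's wording.

```python
from urllib.parse import urlsplit

def split_directives(value):
    """Split a Cache-Control value on commas that are outside quoted strings."""
    parts, buf, quoted, escaped = [], "", False, False
    for ch in value:
        if ch == "," and not quoted:
            parts.append(buf)
            buf = ""
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = quoted and ch == "\\" and not escaped
        buf += ch
    return parts + [buf]

def parse_cache_control(headers):
    """Map each directive (lower-cased) to its argument, or None if it has none."""
    directives = {}
    for name, value in headers:
        if name.lower() != "cache-control":
            continue
        for part in split_directives(value):
            key, _, arg = part.strip().partition("=")
            if key.strip():
                directives[key.strip().lower()] = arg.strip().strip('"') or None
    return directives

def forbids_caching(url, headers):
    """True if the response carries one of the advisory's directives.
    Assumed reading: no-store on any scheme, no-cache on HTTPS pages only."""
    d = parse_cache_control(headers)
    if "no-store" in d:
        return True
    # no-cache="Field" limits only that header field, so it does not count.
    https = urlsplit(url).scheme == "https"
    return https and "no-cache" in d and d["no-cache"] is None

# Constructed sample responses: (URL, list of (header name, header value)).
SAMPLE = [
    ("https://bank.example/statement", [("Cache-Control", "no-store")]),
    ("https://bank.example/profile", [("cache-control", "private, No-Cache")]),
    ("https://bank.example/inbox", [("Cache-Control", 'private, no-cache="Set-Cookie"')]),
    ("https://bank.example/export", [("Cache-Control", 'private="X-Note, no-store", max-age=0')]),
    ("http://intranet.example/news", [("Cache-Control", "no-cache")]),
]

def pages_left_cacheable(responses):
    """URLs whose responses did not ask the browser to avoid caching."""
    return [url for url, headers in responses if not forbids_caching(url, headers)]
```
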